Disable directory listing in Apache

If mod_autoindex is installed and enabled, files and directories will be listed whenever you're browsing a directory and no DirectoryIndex files (normally configured as index.html, index.htm, index.php, welcome.html) are present in that directory.

It's a very useful feature but perhaps for security reasons you might not want to allow this. You can disable this feature by using any of these methods:

Disable Apache directory listing by disabling mod_autoindex

The easiest way is probably to disable the autoindex module entirely. This would affect all the sites hosted on the server, which could be both good and bad.

The module is called autoindex, and can be disabled by the a2dismod command, as in the following example.

$ sudo a2dismod autoindex

Disable Apache directory listing by Directory's Options directive

The option could be applied per-directory, via the Directory's Option directive as the following.

<Directory /var/www/mysite>
    Options -Indexes
</Directory>

Notice that it's -Indexes and not +Indexes

This could be set in your Apache's configuration file.

Disable Apache directory listing via .htaccess

The above method would also work by adding a .htaccess file with the following content that you want directory listing to be disabled.

Options -Indexes

Restart Apache for the changes to take effect

Sign up for Complete Apache HTTP Server Course and many other great courses on Udemy to learn more.


Written by Mohd Shakir Zakaria. Last updated on 2019-02-12